FIDO2 support

FIDO2 support and the ability to add your own 3rd party hardware tokens, e.g. Yubico tokens, to work in conjunction with Authpoint logonapp.
Alternative - Create your own new hardware tokens that support more modern and user-friendly 2FA options

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi @KAndersson
    FIDO2 does not appear to currently be on our roadmap. It may be in the future.

    -We do support both WatchGuard branded and third party hardware tokens. See:
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/authpoint/tokens_hardware.html

    -The AuthPoint app supports other 2FA methods, such as scanning a QR code or push to approve notifications.

    -You can use some Yubico tokens with TOTP based systems. See:
    https://support.yubico.com/hc/en-us/articles/360013789259-Using-Your-YubiKey-with-Authenticator-Codes.

    Both systems have advantages and disadvantages. If you prefer using a FIDO based key system. If you would like some of the FIDO-ish advantages with AuthPoint, I would suggest using the AuthPoint mobile app. It provides a good majority of the convenience features that FIDO authenticators such as Yubikey do while being easily revocable and deployable via phones, vice having to purchase and deploy a new FIDO key.

    -James Carson
    WatchGuard Customer Support

  • Hi @james.carson

    Well aware of the TOTP based alternatives, hence the wanting of another more modern solution. That also could be used with other services in a smooth way.
    A hardware token that isn't a Tamagotchi from 1995.

    Authpoint mobile isn't applicable everywhere, e.g. customers without company phones who do not wanna have work apps on their private phones, or shared computers in, let's say, a manufacturing plant. Logon with Authpoint with a touch on your 2FA hardware key (of any brand, maybe WG branded? just saying), throughout ecosystems such as M365 and WG mobile VPNs and on to other platforms.
    Wow what a dream.

    It's not black or white, we have Authpoint deployed at many customers, but the use case doesn't fit all with the current options. Far from it. You don't want seven different mfa apps or dongles to be able to work.

    I take your links into account and put my vote in for some other WG options in the future.

    Thanks for your time

  • james.carson Moderator, WatchGuard Representative

    @KAndersson I'll pass your request onto the product managers.

    There is an existing feature request, and that is AAAS-12937. If you'd like to follow that request, please create a support case and mention AAAS-12937 in the case.

    -James Carson
    WatchGuard Customer Support

  • FIDO 2.0 is a credential type, not a token and they are device bound. We do not have a strategy to BYO HW Tokens / Passkey credentials issued by third-parties to our platform.
